: Get Vulnerability Scan Reports from Tenable
Focus
Focus

Get Vulnerability Scan Reports from Tenable

Table of Contents

Get Vulnerability Scan Reports from Tenable

Import Tenable vulnerability scan reports into IoT Security and view them from the IoT Security portal.
XSOAR can run jobs that download vulnerability scan reports from Tenable, even those not initiated from the IoT Security portal, and then export them to IoT Security when they include devices in the IoT Security inventory.
One job runs periodically and downloads any new vulnerability scan reports that Tenable generated within the past hour. The other job must be manually initiated and downloads all reports from Tenable generated within the past 30 days in bulk.
Because the bulk job retrieves all vulnerability reports for the past 30 days, older reports for devices with dynamically assigned IP addresses might not align with devices using these IP addresses now. As a result, vulnerability information might be associated with the wrong devices and risk scores might be miscalculated. Therefore, use this tool sparingly and with caution, or rely solely on the periodic job to gather recently generated reports from Tenable incrementally.
Tenable supports scans of single devices and multiple devices. If a Tenable vulnerability scan report for single or multiple devices includes any devices in your IoT Security inventory, then the IoT Security portal displays the report on the Device Details page for the included devices and on the ReportsVulnerability Scan Reports page.
A vulnerability scan report for multiple devices contains results for all the scanned devices. However, IoT Security changes the report name of the file that each scanned device links to so that the name includes its MAC address. As a result, different report names will link to the same file if the report includes results for multiple devices.
If you are using the default integration instance (and haven’t changed its name) for the jobs that retrieve vulnerability scan reports from Tenable incrementally or in bulk, simply select one of the predefined jobs and click Enable or Run now:
  • PANW IoT Incremental Export of reports from Tenable (Enable)
  • PANW IoT Bulk Export of reports from Tenable (Run now)
If you are using a custom-defined integration instance that you created, follow the steps below.
  1. Create an XSOAR job to retrieve vulnerability scan reports from Tenable incrementally.
    1. Navigate to Settings in the XSOAR UI, open the Tenable integration instance that you previously created, and copy the integration instance name.
    2. Navigate to Jobs and then click New Job at the top of the page.
    3. In the New Job panel that appears, enter the following and leave the other settings at their default values:
      Recurring: Select this to poll Tenable periodically for new reports.
      Every: Enter a number and set the interval value (Minutes, Hours, Days, or Weeks) and select the days on which to run the job. (To run the job every day, either select all days or leave them unselected.) This determines how often XSOAR checks Tenable for scan reports generated within the past hour and downloads them if available.
      To ensure IoT Security doesn’t miss any reports, set this for 1 hour (or 60 minutes).
      Name: Enter a name for the job.
      Playbook: Choose Incremental Tenable Get Scans and Report Handling V2- PANW IoT 3rd Party Integration.
      Integration Instance Name: Paste the Tenable integration instance name you copied.
    4. Click Create new job.
    5. To start running the job at recurring intervals, select the job and click Enable at the top of the Jobs table.
  2. Create an XSOAR job to retrieve vulnerability scan reports from Tenable in bulk.
    1. On the Settings page in the XSOAR UI, open the Tenable integration instance that you previously created and copy the integration instance name.
    2. Navigate to Jobs and then click New Job at the top of the page.
    3. In the New Job panel, enter the following and leave the other settings at their default values:
      Name: Enter a name for the job.
      Playbook: Choose Bulk Tenable Get Scans and Report Handling V2- PANW IoT 3rd Party Integration.
      Integration Instance Name: Paste the Tenable integration instance name you copied.
    4. Click Create new job.
    5. To initiate the job, select it and then click Run now at the top of the Jobs table.
  3. View imported vulnerability scan reports in the IoT Security portal.
    Open the Device Details page for a device whose report you want to see and then click the link to the PDF in the Security summary section near the top of the page.
    or
    Click ReportsVulnerability Scan Reports and click the report name for a scanned device.